> A couple of recent discussions in a few board threads contributed to by our competitors have questioned CipherCloud’s approach to delivering cloud information protection.
You might want to recalibrate it; the mercury should have burst the tube at this point. Searching encrypted data is impossible without fully homomorphic encryption and fully homomorphic encryption is wildly impractical for use at present.
"Contributed to by our competitors" -- if that's the case, the competitors are giving informative SO answers about crypto. Whereas they are engaging in censorious shenanigans. I, for one, prefer the "competitors'" contributions.
Don't those require that the client actually do the searching? (I couldn't devote enough time to read them now, so I only read the abstracts. Thank you, by the way, for sending the links; this kind of stuff is really interesting.)
To be specific I mean a second party being able to search the data for arbitrary strings would mean the security of it was broken completely, and I thought this service was storing and searching without client input.
I am not really sure what it is that CipherCloud provides or even claims to provide; it looks like a big pile of buzzwords but few details. I am not sure what sort of a service would be searching ciphertexts without some input from the client -- at the very least, the service will need to know what to search for.
You are correct that the PIR and ORAM protocols involve the client performing some of the work of the search. The point is that the client does not need to store or scan the entire database (for ORAMs there is usually a one-time setup that involves scanning the database, but this can be viewed as "uploading" the data to the server; this may not be acceptable for all use-cases). With FHE, the client will perform less work, but still has to at least encrypt its query and decrypt the result. However, FHE is still many years from practicality, whereas PIR is practical now (but maybe not for database search) and ORAMs are nearly practical.
"Contributed to by our competitors" -- if that's the case, the competitors are giving informative SO answers about crypto. Whereas they are engaging in censorious shenanigans. I, for one, prefer the "competitors'" contributions.